Irish Standard I.S. EN ISO 19011:2011 Guidelines for auditing management systems (ISO 19011:2011) NSAI 2011 No copying without NSAI permission except as permitted by copyright law.
EN ISO 19011:2011/LC:2011-11 I.S. xxx: Irish Standard national specification based on the consensus of an expert panel and subject to public consultation. S.R. xxx: Standard Recommendation - recommendation based on the consensus of an expert panel and subject to public consultation. SWiFT xxx: A rapidly developed recommendatory document based on the consensus of the participants of an NSAI workshop. EN ISO 19011:2002 EN ISO 19011:2011 This document was published under the authority of the NSAI and comes into effect on: 28 November, 2011 28 November, 2011 03.120.10 13.020.10 1 Swift Square, Northwood, Santry Dublin 9 T +353 1 807 3800 F +353 1 807 3838 E standards@nsai.ie W T +353 1 857 6730 F +353 1 857 6729 W standards.ie Údarás um Chaighdeáin Náisiúnta na héireann
I.S. EN ISO 19011:2011 Correction Notice EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG Reference: EN ISO 19011:2011 Title: Guidelines for auditing management systems (ISO 19011:2011) Work Item: CSF20052 Brussels, 2011-11-30 With reference to the above, please include the following minor editorial correction(s) in the document related to: TAN the following language version(s) : English French German for the following procedure : PQ/UQ Enquiry 2nd Enquiry Parallel Enquiry ( ISO/ CEN Lead ) 2 nd Parallel Enquiry ( ISO/ CEN Lead ) Formal Vote 2 nd Formal Vote Parallel Formal Vote ( ISO/ CEN Lead ) 2 nd Parallel Formal Vote ( ISO/ CEN Lead ) UAP TC Approval 2 nd TC Approval Publication Parallel Publication ( ISO/ CEN Lead ) It has been brought to our attention that this document, issued on 2011-11-23 (CEN Standards Publications Weekly Output Reference 2011/11/III) requires modification. Description of modification : the endorsement notice is missing from the forewords. Please find enclosed the updated English and French version. We apologise for any inconvenience this may cause. Form - DEL/FO004/Issue 1 Avenue Marnix, 17 B-1000 Bruxelles Tel : +32 2 550 08 11 Fax : +32 2 550 08 19
I.S. EN ISO 19011:2011 This page is intentionally left BLANK.
EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM I.S. EN ISO 19011:2011 EN ISO 19011 November 2011 ICS 03.120.10; 13.020.10 Supersedes EN ISO 19011:2002 English Version Guidelines for auditing management systems (ISO 19011:2011) Lignes directrices pour l'audit des systèmes de management (ISO 19011:2011) This European Standard was approved by CEN on 5 November 2011. Leitfaden zur Auditierung von Managementsystemen (ISO 19011:2011) CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2011 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 19011:2011: E
EN ISO 19011:2011 (E) I.S. EN ISO 19011:2011 Contents Page Foreword...3 2
I.S. EN ISO 19011:2011 EN ISO 19011:2011 (E) Foreword This document (EN ISO 19011:2011) has been prepared by Technical Committee ISO/TC 176 "Quality management and quality assurance". This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May 2012, and conflicting national standards shall be withdrawn at the latest by May 2012. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights. This document supersedes EN ISO 19011:2002. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom. Endorsement notice The text of ISO 19011:2011 has been approved by CEN as EN ISO 19011:2011 without any modification. 3
I.S. EN ISO 19011:2011 This page is intentionally left BLANK.
I.S. EN ISO 19011:2011 INTERNATIONAL STANDARD ISO 19011 Second edition 2011-11-15 Guidelines for auditing management systems Lignes directrices pour l audit des systèmes de management Reference number ISO 19011:2011(E) ISO 2011
ISO 19011:2011(E) I.S. EN ISO 19011:2011 COPYRIGHT PROTECTED DOCUMENT ISO 2011 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO s member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyright@iso.org Web www.iso.org Published in Switzerland ii ISO 2011 All rights reserved
I.S. EN ISO 19011:2011 ISO 19011:2011(E) Contents Page Foreword... iv Introduction... v 1 Scope... 1 2 Normative references... 1 3 Terms and definitions... 1 4 Principles of auditing... 4 5 Managing an audit programme... 5 5.1 General... 5 5.2 Establishing the audit programme objectives... 6 5.3 Establishing the audit programme... 7 5.4 Implementing the audit programme...10 5.5 Monitoring the audit programme...13 5.6 Reviewing and improving the audit programme...14 6 Performing an audit...14 6.1 General...14 6.2 Initiating the audit...15 6.3 Preparing audit activities...16 6.4 Conducting the audit activities...18 6.5 Preparing and distributing the audit report...23 6.6 Completing the audit...24 6.7 Conducting audit follow-up...24 7 Competence and evaluation of auditors...24 7.1 General...24 7.2 Determining auditor competence to fulfil the needs of the audit programme... 25 7.3 Establishing the auditor evaluation criteria...29 7.4 Selecting the appropriate auditor evaluation method...29 7.5 Conducting auditor evaluation...29 7.6 Maintaining and improving auditor competence...29 Annex A (informative) Guidance and illustrative examples of discipline-specific knowledge and skills of auditors...31 Annex B (informative) Additional guidance for auditors for planning and conducting audits... 37 Bibliography...44 ISO 2011 All rights reserved iii
ISO 19011:2011(E) I.S. EN ISO 19011:2011 Foreword ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO 19011 was prepared by Technical Committee ISO/TC 176, Quality management and quality assurance, Subcommittee SC 3, Supporting technologies. This second edition cancels and replaces the first edition (ISO 19011:2002), which has been technically revised. The main differences compared with the first edition are as follows: the scope has been broadened from the auditing of quality and environmental management systems to the auditing of any management systems; the relationship between ISO 19011 and ISO/IEC 17021 has been clarified; remote audit methods and the concept of risk have been introduced; confidentiality has been added as a new principle of auditing; Clauses 5, 6 and 7 have been reorganized; additional information has been included in a new Annex B, resulting in the removal of help boxes; the competence determination and evaluation process has been strengthened; illustrative examples of discipline-specific knowledge and skills have been included in a new Annex A; additional guidelines are available at the following website: www.iso.org/19011auditing. iv ISO 2011 All rights reserved
I.S. EN ISO 19011:2011 ISO 19011:2011(E) Introduction Since the first edition of this International Standard was published in 2002, a number of new management system standards have been published. As a result, there is now a need to consider a broader scope of management system auditing, as well as providing guidance that is more generic. In 2006, the ISO committee for conformity assessment (CASCO) developed ISO/IEC 17021, which sets out requirements for third party certification of management systems and which was based in part on the guidelines contained in the first edition of this International Standard. The second edition of ISO/IEC 17021, published in 2011, was extended to transform the guidance offered in this International Standard into requirements for management system certification audits. It is in this context that this second edition of this International Standard provides guidance for all users, including small and medium-sized organizations, and concentrates on what are commonly termed internal audits (first party) and audits conducted by customers on their suppliers (second party). While those involved in management system certification audits follow the requirements of ISO/IEC 17021:2011, they might also find the guidance in this International Standard useful. The relationship between this second edition of this International Standard and ISO/IEC 17021:2011 is shown in Table 1. Table 1 Scope of this International Standard and its relationship with ISO/IEC 17021:2011 Internal auditing Sometimes called first party audit External auditing Supplier auditing Third party auditing For legal, regulatory and similar purposes Sometimes called second party audit For certification (see also the requirements in ISO/IEC 17021:2011) This International Standard does not state requirements, but provides guidance on the management of an audit programme, on the planning and conducting of an audit of the management system, as well as on the competence and evaluation of an auditor and an audit team. Organizations can operate more than one formal management system. To simplify the readability of this International Standard, the singular form of management system is preferred, but the reader can adapt the implementation of the guidance to their own particular situation. This also applies to the use of person and persons, auditor and auditors. This International Standard is intended to apply to a broad range of potential users, including auditors, organizations implementing management systems, and organizations needing to conduct audits of management systems for contractual or regulatory reasons. Users of this International Standard can, however, apply this guidance in developing their own audit-related requirements. The guidance in this International Standard can also be used for the purpose of self-declaration, and can be useful to organizations involved in auditor training or personnel certification. The guidance in this International Standard is intended to be flexible. As indicated at various points in the text, the use of this guidance can differ depending on the size and level of maturity of an organization s management system and on the nature and complexity of the organization to be audited, as well as on the objectives and scope of the audits to be conducted. This International Standard introduces the concept of risk to management systems auditing. The approach adopted relates both to the risk of the audit process not achieving its objectives and to the potential of the audit to interfere with the auditee s activities and processes. It does not provide specific guidance on the organization s risk management process, but recognizes that organizations can focus audit effort on matters of significance to the management system. ISO 2011 All rights reserved v
ISO 19011:2011(E) I.S. EN ISO 19011:2011 This International Standard adopts the approach that when two or more management systems of different disciplines are audited together, this is termed a combined audit. Where these systems are integrated into a single management system, the principles and processes of auditing are the same as for a combined audit. Clause 3 sets out the key terms and definitions used in this International Standard. All efforts have been taken to ensure that these definitions do not conflict with definitions used in other standards. Clause 4 describes the principles on which auditing is based. These principles help the user to understand the essential nature of auditing and they are important in understanding the guidance set out in Clauses 5 to 7. Clause 5 provides guidance on establishing and managing an audit programme, establishing the audit programme objectives, and coordinating auditing activities. Clause 6 provides guidance on planning and conducting an audit of a management system. Clause 7 provides guidance relating to the competence and evaluation of management system auditors and audit teams. Annex A illustrates the application of the guidance in Clause 7 to different disciplines. Annex B provides additional guidance for auditors on planning and conducting audits. vi ISO 2011 All rights reserved
INTERNATIONAL STANDARD I.S. EN ISO 19011:2011 ISO 19011:2011(E) Guidelines for auditing management systems 1 Scope This International Standard provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the evaluation of competence of individuals involved in the audit process, including the person managing the audit programme, auditors and audit teams. It is applicable to all organizations that need to conduct internal or external audits of management systems or manage an audit programme. The application of this International Standard to other types of audits is possible, provided that special consideration is given to the specific competence needed. 2 Normative references No normative references are cited. This clause is included in order to retain clause numbering identical with other ISO management system standards. 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 audit systematic, independent and documented process for obtaining audit evidence (3.3) and evaluating it objectively to determine the extent to which the audit criteria (3.2) are fulfilled NOTE 1 Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g. to confirm the effectiveness of the management system or to obtain information for the improvement of the management system). Internal audits can form the basis for an organization s selfdeclaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest. NOTE 2 External audits include second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third party audits are conducted by independent auditing organizations, such as regulators or those providing certification. NOTE 3 When two or more management systems of different disciplines (e.g. quality, environmental, occupational health and safety) are audited together, this is termed a combined audit. NOTE 4 When two or more auditing organizations cooperate to audit a single auditee (3.7), this is termed a joint audit. NOTE 5 Adapted from ISO 9000:2005, definition 3.9.1. 3.2 audit criteria set of policies, procedures or requirements used as a reference against which audit evidence (3.3) is compared NOTE 1 Adapted from ISO 9000:2005, definition 3.9.3. NOTE 2 If the audit criteria are legal (including statutory or regulatory) requirements, the terms compliant or noncompliant are often used in an audit finding (3.4). ISO 2011 All rights reserved 1
This is a free preview. Purchase the entire publication at the link below: I.S. EN ISO 19011:2011 - PDF his is a free 15 page sample. Access the full version online. Looking for additional Standards? Visit SAI Global Infostore Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation Need to speak with a Customer Service Representative - Contact Us